We have a process that writes events to a file, without a timestamp. The file names themselves are suffixed with a timestamp, which is the timestamp that should be used for all the events in the file. Now, I am trying to parse the file by using the input file plugin of logstash. Is there a way by which I could get the name of the file to a field, so that I can then use the gsub filter to extract out the timestamp and then use the date filter to set the timestamp to the event?
Asked
Active
Viewed 6,196 times
2
-
Would you like to share an example of the filename, and show a sample of the code you use to open the file? – the Tin Man Sep 10 '12 at 07:16
-
an example filename is stats.log.1317452400. I have not written any code to open the file. I use logstash's input file plugin to do that: http://logstash.net/docs/1.1.1/inputs/file – kbsbng Sep 10 '12 at 08:00
1 Answers
0
I had a similar need, and asked this question again - so you can find a more up-to-date answer in this question thanks to Jettro Coenradie :)
